Field
Aspects of the present invention generally relate to an authentication server system that conducts verification of authentication/authorization, and to a method and a storage medium.
Description of the Related Art
The spread of cloud computing has provided more opportunities for a plurality of services to cooperate. The term “service” used herein represents a function provided by a server connected via a network such as the Internet. In other words, the term “service” represents a web application. The cooperation of the services enables a service provider to provide a new service to a user by adding value to a normal service. However, issues can arise from the cooperation of the services.
That is, there is a possibility that more information than the user intends to exchange may be exchanged between the servers. This may cause a leakage of user data or personal information of the user. For example, a plurality of services on the Internet may cooperate with one another. In such a case, user data or personal information of a user should not be operated by any service other than a service authorized by the user. Moreover, from a service provider standpoint, it is desired that a service cooperation method be readily implemented.
Accordingly, a standard protocol called OAuth has been developed to achieve cooperation in authorization. Under OAuth, for example, when an application in a certain terminal accesses data managed by a cloud service, the application is supposed to acquire explicit authorization from a user.
When the user authorizes the access, the application receives a token (hereinafter referred to as an access token) certifying that access authorization is granted. The application uses the access token for subsequent accesses. Hereinafter, an operation for issuance of an access token is referred to as an authorization operation. Japanese Patent Application Laid-Open No. 2015-5202 discusses a technique that uses the OAuth to issue an access token.
Intersystem cooperation according to OAuth employs a web service such as representational state transfer (REST). Moreover, in recent years, an architecture called RESTful model view controller (MVC) has been widely used. This has enabled functions to be provided via REST not only for intersystem cooperation according to OAuth but also for a case where a user operates a screen.
Meanwhile, methods for providing functions may be standardized on REST. Even in such a case, an authentication token is used when a user operates a screen, whereas an access token is used in intersystem cooperation. However, since verification of the authentication token differs from verification of the access token, the type of every token received by a REST application programming interface (API) needs to be determined. Hence, a configuration for invoking a verification module corresponding to each type of the received token is necessary.
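The per-type dispatch described above can be sketched as follows. This is an added example, not code from the source document; the token stores, the opaque token values, the `Session` scheme name and all function names are assumptions made for illustration.

```python
import time
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Principal:
    user: str               # user the request acts for
    client: Optional[str]   # cooperating application; None for a screen operation

# Constructed sample stores. Opaque tokens looked up server-side are an assumption.
SESSIONS = {"sess-111": {"user": "alice", "expires": 2_000_000_000}}
GRANTS = {
    "acc-222": {"user": "alice", "client": "print-app",
                "scopes": {"doc.read"}, "expires": 2_000_000_000},
    "acc-333": {"user": "alice", "client": "print-app",
                "scopes": {"doc.read"}, "expires": 1},  # already expired
}

def verify_authentication_token(token, required_scope, now):
    """Screen operation: the token must map to a live login session."""
    rec = SESSIONS.get(token)
    if rec is None or rec["expires"] <= now:
        return None
    # Assumption: a logged-in user is not scope-limited, so required_scope is unused.
    return Principal(rec["user"], None)

def verify_access_token(token, required_scope, now):
    """Intersystem cooperation: the token must carry the authorized scope."""
    rec = GRANTS.get(token)
    if rec is None or rec["expires"] <= now:
        return None
    if required_scope not in rec["scopes"]:
        return None
    return Principal(rec["user"], rec["client"])

# One verification module per token type, keyed by Authorization scheme.
VERIFIERS = {"Session": verify_authentication_token,  # hypothetical scheme name
             "Bearer": verify_access_token}           # RFC 6750 scheme

def verify_request(authorization, required_scope, now=None):
    """Determine the token type, then invoke the matching verifier."""
    now = time.time() if now is None else now
    scheme, _, token = authorization.partition(" ")
    verifier = VERIFIERS.get(scheme)
    if verifier is None or not token:
        return None  # unknown or missing token type is rejected, never guessed
    return verifier(token, required_scope, now)
```

Because each verifier consults only its own store, an authentication token presented under the access-token scheme fails verification instead of being accepted with the wrong checks.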